Government submission
to the
Special Committee to Review the
Freedom of Information and Protection of Privacy Act
March 15, 2010
Table of Contents
Executive Summary...... i
Foreword...... 1
PART 1 – The Freedom of Information and Protection of Privacy Act...... 2
Overview of the Act...... 2
Governance, Management and Administration of the FOIPP Act...... 4
PART 2 – Protection of PRivacy In B.C....... 6
Overview of Privacy Provisions...... 6
The Privacy Environment – Then and Now...... 9
Challenges and Opportunities Moving Forward...... 14
PART 3 – ISSUES & CHALLENGES FACED BY MINISTRIES...... 16
Attorney General and Public Safety and Solicitor General...... 16
Housing and Social Development...... 39
Ministry of Children and Family Development...... 48
Health Services and Healthy Living and Sport...... 61
Citizens’ Services...... 71
Conclusions and Recommendations for amendments to the FOIPP Act...... 86
Executive Summary
Structure of Submission
This submission to the Special Committee to Review the Freedom of Information and Protection of Privacy Act (the FOIPP Act) consists of two general parts: part one provides a brief overview of FOIPP Act, its governance and administrative framework and a summary of amendments to the FOIPP Act; part two focuses on the protection of privacy providing an overview of the privacy provisions of the Act, the current operating environment for government, chapters focused on specific FOIPP Act issues experienced by ministries, the related challenges and how these can be addressed, and a conclusion section containing recommendations for amendments to the FOIPP Act.
Overview of the FOIPP Act
The FOIPP Act came into force on May 22, 1992 and was proclaimed in stages from 1992 through 1994, extending the Act to an expanded set of public bodies with each stage. The purpose of the FOIPP Act is two-fold: 1) to promote accountability by providing a right of access to records and information of public bodies; and 2) to protect personal information by prohibiting the unauthorized collection, use, disclosure, or storageof personal information by public bodies.
The FOIPP Act is prescriptive legislation, outlining in specific detail the rules and requirements respecting citizens’ access to information rights and how to exercise them, and their right to privacy including what, when, why and how personal information can be collected, used, disclosed and retained by public bodies.
The FOIPP Act has been amended several times over the years, both in response to Special Committee reviews and in response to other reviews and developments. Some of the recent significant amendments to the Act include provisions to limit the storage and disclosure of personal information outside of Canada and allow disclosure for the purpose of anintegrated or common program or activity. There are issues with the efficient and effective application of FOIPP Act, but amending the Act is controversial with stakeholders who perceive any change as a potential threat to the access and privacy rights enshrined in the legislation.
Governance and Administration of the FOIPP Act
The effective functioning and implementation of the FOIPP Actis dependent upon the ability, capacity and good faith actions of public bodies to carry out their duties and obligations under the Act. The responsible Minister, currently the Minister of Citizens’ Services, is responsible for the administration of the Act and has certain regulatory authority. The Government’s Chief Information Officer (GCIO), within the Ministry of Citizens’ Services provides leadership, advice and support to ministries and manages the legislative change process. The Chief Executive Officer, Shared Services BC, through the Information Access Operations branch, is responsible for supporting ministries in meeting their operational records access and privacy needs. The Information and Privacy Commissioner, an independent Officer of the Legislature, has board responsibility for overseeing and monitoring how the FOIPP Act is administered and for ensuring that its purposes are achieved.
Privacy Protection under the FOIPP Act
Privacy Rules and Requirements
The privacy provisions of the FOIPP Actare based on the principle that individuals own their personal information and that they have a general right to privacy. Part 3 of the Act prescribes detailed rules and requirements respecting the collection, use, disclosure, retention, security, accuracy and disposal of personal information by public bodies. This includes limitations on the collection, use and disclosure of personal information subject to certain allowable circumstances and exceptions; the right of an individual to review and correct their information; that personal information must be generally stored in Canada and rules respecting security, retention and disposal of personal information.
The Changing Environment
The world is a very different place than when the Act was first introduced 18 years ago. The use of computers, other technology, and the internet is now commonplace among British Columbians. Citizens are demanding convenient, accessible and on-time service, including from government. Government, in turn, is changing the way it does business and is increasingly looking to ways to enhance the quality of its services and its accessibility and responsiveness in meeting the needs of citizens through innovative program delivery and the use of new developments in information technology and management. This change in approach to service delivery includes an increasing move to horizontal and integrated program delivery models to more effectively serve citizens and achieve better outcomes for clients. The transformation of government service delivery is also a response to demographic pressures requiring government to deliver quality services with fewer staff by implementing innovative programs and leveraging information technology.
Addressing Barriers to Better Service Delivery
As highlighted in the Ministry chapters, ministries and government agencies face challenges in effectively sharing information to better meet the needs of clients, providing accessible and responsive services and promotingstronger engagement with citizens. British Columbia is not alone in addressing issues related to the effectiveness of information sharing to provide better services to citizens. Many jurisdictions, including commonwealth countries and European nations have recently initiated legislative amendment and policy reform processes to facilitate personal information flows designed to improve the effectiveness and efficiency of government services and service delivery to citizens.
Opportunities for Moving Forward
The B.C. Government is committed to enhancing services for British Columbians. Although B.C. is already deliveringa wide range and scope of services to meet the needs of clients, improvements can be made to enhance the timeliness, accessibility, responsiveness and effectiveness of services. Government needs to leverage information sharing to produce better outcomes for citizens; provide services to citizens in more efficient and effective and coordinated ways; and respond to clientneeds and service demands.
Recommendations for Change to Privacy Provisions of the FOIPP Act
Amendments to the FOIPP Act are needed to facilitate information sharing in order to support the B.C.government’s ability to enhance services and implement new and innovative approaches to better meet the needs and expectations of citizens.
Following is summary of recommendations to amend the FOIPP Act to address the current challenges and to support government in providing more efficient, effective and responsive services to meet citizens’ needs and expectations:
Consent, Collection and Disclosure /- Amend the consent provisions to allow an individual to consent to the collection, use or disclosure of their personal information by a public body (similar to the Personal Information Protection Act (PIPA)).
- Amend the Act to allow for indirect collection by, and disclosure to and between all relevant public bodies, without consent, for purposes of integrated program or activity; where of benefit to the citizen and necessary to the delivery of the service or program; and/or for public health and safety.
- Amend the Act to allow for indirect collection by, and disclosure to, non public bodies (RCMP, NGOs and social service providers, government and police agencies in other jurisdictions), without consent, for the purposes of integrated program or activity; where of benefit to the citizen and necessary to the delivery of the service or program and/or for public health and safety.
- Amend the act to provide for implicit consent (similar to PIPA).
Consistent Purpose /
- Amend the consistent purpose provisions to ensure the full, comprehensive and effective application of this provision as the basis for information sharing, including that consistent purpose covers information sharing (collection and disclosure) within the public body and between all public bodies where the sharing supports the provision of the program or service, and related services, to the citizen, meets the citizens’ service needs and provide seamless, integrated program and service delivery (including integrated or common programs or activities addressing domestic violence, homelessness and integrated justice or crime reduction programs)
Common or Integrated Program or Activity /
- Amend the Act to facilitate delivery of integrated programs by ensuring full and effective information sharing under common or integrated programs and activities (i.e., integrated or common programs or activities addressing domestic violence, homelessness and integrated justice or crime reduction programs) including:
○allowing for the collection and disclosure of personal information, both indirect and direct, within the common or integrated programs or activities among all relevant parties, including public bodies and non public bodies (RCMP, NGOs and social service providers, government and police agencies in other jurisdictions); and
○streamlining and providing for the appropriate records management requirements to enable effective and efficient information sharing in a common or integrated program while ensuring the security and protection of personal information
Storage of Personal Information Outside of Canada /
- Amend the provisions in the Act prohibiting the storage of information outside of Canada to take into account IT developments and advancements that make jurisdictional boundaries artificial, including social networking and other internet tools and mechanisms that can promote stronger citizen engagement and to take advantage of commercial and economic opportunities for storage and management of information including “cloud computing”.
Research and Evaluation /
- Amend the Act to include language confirming a broader approach to research so that applied research into issues, facts, trends, etc. for the purpose of program planning and/or evaluation can be undertaken.
Other Recommendations / Ministries of Attorney General and Public Safety and Solicitor General:
- Amend the Act to broaden the definition of “law enforcement” to include crime prevention or reduction programs and provide that information may be collected for these purposes;
- Amend the Act to clearly recognize that the protection of custody setting security footage is integral to effective law enforcement and add an explicit reference in s. 15(1) that authorizes a public body to refuse to disclose information to an applicant that could reasonably harm the effectiveness of custody setting security systems;
- Amend the Act to strengthen the protection of privacy of personal information in police audits and other oversight functions by exempting any records generated from Police Act audits and examinations from the access provisions of the Act;
- Amend the Act to provide more appropriate timelines for compiling a major report for publication;
- Amend the Act to change the term "record in a court file" to"court record" and include a current definition of"court record" that takes into account new technology such as “Court Services On-Line” that provides greater access by the public to court record information.
Ministry of Housing and Social Development:
- Change the definition of “personal information” to “private information” in recognition that not all personal information is private and sensitive (“private information” would include date of birth, government issued identification material, bank account numbers, credit card numbers, financial transaction information, biometric information, medical information, security related details, etc).
Ministries of Health Services and Healthy Living and Sport
- Adjust public body framework by amending the Act to recognize the changes to the “Health Sector” by defining “health care body” to reflect a “health sector family” model. Under this proposed model, the Ministry of Health Services would be the “parent” public body for the health sector with pre-eminent authority over the information necessary to manage the system; health authorities which play a subsidiary role in the management of the delivery of services in partnership with the ministry would form a “constellation” of bodies below the Ministry and these “child” bodies would take direction from the Ministry.
Ministry of Citizens’ Services:
- Revise the collection provision to clearly state the point at which collection occurs.
Foreword
The government submission to the Special Committee to Review the Freedom of Information and Protection of Privacy Act (the FOIPP Act) consists of two general parts:
- Part 1 provides a brief overview of the FOIPP Act, outlines the governance and administrative framework, and summarizes amendments to the Act;
- Part 2 focuses on the protection of privacy framework in BC. It provides an overview of the privacy protection provisions under the FOIPP Act and the current environment in which government operates;
- Part 3 is composed of chapters prepared by the ministries of: Attorney General and Public Safety and Solicitor General, Housing and Social Development, Children and Family Development, Health Services and Healthy Living and Sport, and Citizens’ Services, outlining the challenges and issues faced by individual ministries with respect to the FOIPP Act; and a summary of the common themes and proposed recommendations for amending the FOIPP Act to ensure that government can better serve its citizens while maintaining protection of personal privacy.
Part 1 – Freedom of Information and Protection of Privacy in BC
PART 1 – The Freedom of Information and Protection of Privacy Act
Overview of the FOIPP Act
Passage and Implementation
The Freedom of Information and Protection of Privacy Act (FOIPP Act) was passed unanimously by the Legislature on May 22,1992.
Implementation of the FOIPP Act was staged:
○in October 1993 the Act came into force for ministries, Crown corporations and other provincial agencies;
○in October 1994 the Act was extended to include local public bodies, including municipalities, municipal police boards, school boards, universities and colleges, hospitals and regional hospital boards; and
○in May 1995 self-governing professions including the College of Physicians and Surgeons, the Law Society of B.C., and the College of Teachers came under the purview of the Act.
Scope and Purposes of the FOIPP Act
The FOIPP Actapplies to all records in the custody and control of public bodies. Public bodies include all ministries, crown corporations, provincial boards and councils, local government bodies and governing bodies of professions or occupations.
The purposes of the FOIPP Act are to make public bodies more accountable to the public and to protect personal information by:
- providing the public a right of access to records held by public bodies;
- giving individuals a right of access to their own personal information, and the right to request a correction of this information;
- defining limited exceptions to the right of access;
- prohibiting the unauthorized collection, use and disclosure of personal information by public bodies; and
- providing for independent oversight and review of decisions made under the Act through the Information and Privacy Commissioner.
The FOIPP Act outlines in specific detail the rules and requirements for access and privacy; it was modeled on the prescriptive style of early Canadian privacy and access legislation, in particular the Ontario legislation. The FOIPP Act includes a distinct Part that prescribes detailed rules respecting citizen’s access to information rights and how to exercise these including how to make a request, contents of the response, through to how access must be given. The second major part of the Act prescribes detailed rules respecting what, when, why and how personal information can be collected, used, disclosed and retained by public bodies.
Amendments to the FOIPP Act
Section 80 of the FOIPP Act requires that the FOIPP Act be comprehensively reviewed every six years by a Special Committee of, and appointed by, the Legislative Assembly. A report containing recommendations on amendments to the FOIPP Act must be submitted to the Legislative Assembly withina year of the appointment of the committee. The current review is the third review undertaken[1].
The first Special Committee review, initiated in 1997 and completed in 1999, made a number of recommendations for amendment to the FOIPP Act (it had not been amended since 1993). In response to these recommendations the government launched a comprehensive two-phase review of the FOIPP Act with the objective “to increase openness in government and reduce compliance costs”.
The first phase of this review was completed in April 2002 and resulted in a number of amendments to the FOIPP Act that were relatively limited in scope:
- responded to some of the recommendations of the Special Committee of the Legislative Assembly that reviewed the FOIPP Act from 1997-1999;
- addressed some immediate cost and compliance issues; and
- made some adjustments to the operations of the Office of the Information and Privacy Commissioner (OIPC) to assist that office in meeting its legislative responsibilities while meeting fiscal restraint targets.
The second phase involved an extensive review of the FOIPP Act as well as all suggestions for change made by ministries, stakeholders and the public. The resulting amendments were designed to: